Author: Ken Dang

About: Ken Dang

Website

Profile

Ken Dang has well over 12 years of technology product management and product marketing experience creating and directing product development and launch strategies for new product introductions. He is specialized in the network and information security, data management, data protection, disaster recovery and storage industry. Ken is currently the Product Marketing Manager principally responsible for managing and driving the product marketing lifecycle for SonicWall’s enterprise firewall and policy and management product lines.

The earliest schemes of cryptography, such as substituting one symbol or character for another or changing the order of characters instead of changing the characters themselves, began thousands of years ago. Since then, various encoding and decoding systems were developed, based on more complex versions of these techniques, for the fundamental purpose of securing messages sent and received in written or electronic forms for all sorts of real world applications.

Some consider WannaCry to be the first-ever, self-propagating ransomware attack to wreak havoc across the globe. The chaos that followed is yet another harsh wake-up for many, in a situation far too familiar. Only this time, the victims are new, the infection spreads more rapidly, the effects are far-reaching and the headlines are bigger.

Times are extremely restless for security teams as they face highly motivated adversaries, and the onslaught of very active and progressive cyber-attacks. Today’s hacking techniques are stealthy, unpredictable in nature and waged by skillful attackers capable of developing innovative ways of circumventing security defenses. One new and more popular way that is becoming a status quo among malware writers today is the malicious use of encryption.

There is no end to the danger of cyber-criminal activities, as long as there is an underground marketplace that makes it almost impossible for authorities to intervene and enforce law and order. We continue to see our adversaries relentlessly going after money by developing and experimenting with different methods and tools against new and existing vulnerabilities, in preparation for the next phase of their business model.

The recently publicized Distributed Denial of Service (DDoS) attacks on the Domain Name System (DNS) service provider Dyn involved large numbers of IoT (Internet of Things) botnets. These attacks took many high traffic websites such as Twitter, Spotify and Netflix temporarily offline.

Contrary to conventional wisdom, recent reports suggest this attack could be the largest of its kind carried out by amateur hackers as opposed to someone with skills that are more sophisticated.

It can be tough to balance your personal life with work when your work is in network security. In my last post, I described how difficult it is for us in IT to defend against the kinds of attacks we see day in and day out. Worse, our own lives become less ours when the security systems we depend on to give us breathing room fall short of our reasonable expectations.

The popularity and use of ransomware appear to be spreading at record pace in 2016 as cybercriminals are actively using ransomware to hold businesses, institutions and even individuals hostage. No one is immune to this sort of attack. If you’ve been following the news, you’re probably aware that authorities and security experts are calling this the new crisis in cybercrime today.

The hacking economy continues to thrive. As you can see for the timeline chart below, we have seen data breach headlines in every industry verticals regardless of their size. Cyber-criminals made the most of their opportunities last year, and rest assured it’s unlikely to be any different for years to come.

Two days ago, Google published a blog revealing the latest critical vulnerability (CVE-2015-7547) that affects all versions of a standard GNU C Library (glibc), a big component of Enterprise Linux, which is used widely in operating systems, firmware, software and applications. The IT community is now racing to assess the risk, and gauge the impact to IT infrastructure.